Port 1234 UDP traffic increase?

Port 1234 UDP traffic increase?

by Dude VanWinkle

Anyone else seeing a spike in 1234 traffic?

That traffic could be SubSeven, or Infoseek Search Agent, or some
trojans, etc. I was just wondering if anyone else is seeing a spike.


Sorry for the noise

-JP

-------------------------------------------------------------------------
This list sponsored by: SPI Dynamics

ALERT: .How a Hacker Launches a SQL Injection Attack!.- White Paper
It's as simple as placing additional SQL commands into a Web Form input box
giving hackers complete access to all your backend systems! Firewalls and IDS
will not stop such attacks because SQL Injections are NOT seen as intruders.
Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000Cn8E
--------------------------------------------------------------------------


Re: Port 1234 UDP traffic increase?

by crazy frog crazy frog

It's a trojan backoffice, or maybe I forgot the real name?

On Dec 13, 2007 11:03 PM, Dude VanWinkle <dudevanwinkle@...> wrote:

> Anyone else seeing a spike in 1234 traffic?
>
> That traffic could be SubSeven, or Infoseek Search Agent, or some
> trojans, etc. I was just wondering if anyone else is seeing a spike.
>
>
> Sorry for the noise
>
> -JP



--
advertise on secgeeks?
http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com


Re: Port 1234 UDP traffic increase?

by Dude VanWinkle

On Dec 14, 2007 4:48 AM, crazy frog crazy frog <i.m.crazy.frog@...> wrote:
> It's a trojan backoffice, or maybe I forgot the real name?

Well, I should have stated that this appears to be inbound traffic,
coming from places such as doubleclick.net..

-JP


Re: Port 1234 UDP traffic increase?

by Dude VanWinkle

On Dec 14, 2007 12:05 PM, Bob Holowenko <holowenko@...> wrote:
> Personally I do not think we have to worry about traffic from doubleclick.
> They were bought out by Google last spring I believe. As for traffic on port
> 1234 I have not seen any increase in it. I will however be setting up some
> packet sniffing on my network edge to see if I can get more information
> about what is being carried in those packets.
>
> Anyone have any wireshark caps already?


OK, I figured this one out with a little help from wireshark and the
machines receiving the traffic. Apparently 1234/UDP is used for a
proprietary Video Streaming application.

I think what I will take away from this is that while the last time I
was watching this much traffic, viruses were noisy and big. Today, the
ones to worry about are DDoS (80, 53, 433, 8080, etc.) and quiet C&C
channels. I guess the days of massive floods related to
malware/viruses/worms are long gone.

Once again, sorry for the noise. I will try and do some more legwork
before hitting up the list :-)

-JP


Re: Port 1234 UDP traffic increase?

by Steve Barnet-3

Dude VanWinkle wrote:

[...]

> I think what I will take away from this is that while the last time I
> was watching this much traffic, viruses were noisy and big.

Perhaps the better takeaway is that categorizing traffic by
proto/port is a pretty broad cut and to really know what's up
you have to do exactly what you did: get your hands dirty and
look at those bits.

This has been a good reminder.

Best,

---Steve

--
Steve Barnet
UW IceCube

Orange Alert: We believe that parties unnamed will attack
places not specified with weapons unknown at some point in
the future.
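
A sketch of the "look at those bits" step from this thread, as an added example that is not code from any poster: it groups UDP/1234 payloads by source and checks their framing instead of trusting the port number. The thread only says the application was a proprietary video streamer, so the MPEG-TS test (188-byte cells starting with 0x47) is an assumed stand-in for "a known media framing"; the addresses and payloads are constructed.

```python
from collections import Counter, defaultdict

TS_SYNC, TS_LEN = 0x47, 188  # MPEG-TS framing: an assumed candidate format

def looks_like_mpegts(payload: bytes) -> bool:
    """True if the datagram is a whole number of 188-byte cells, each starting 0x47."""
    return (len(payload) >= TS_LEN and len(payload) % TS_LEN == 0
            and all(payload[i] == TS_SYNC for i in range(0, len(payload), TS_LEN)))

def triage(datagrams, port=1234):
    """Summarise payloads per source from (src_ip, dst_port, payload) tuples."""
    flows = defaultdict(list)
    for src, dport, payload in datagrams:
        if dport == port:            # the port only selects what to inspect
            flows[src].append(payload)
    report = {}
    for src, payloads in flows.items():
        sizes = Counter(len(p) for p in payloads)
        ts_hits = sum(looks_like_mpegts(p) for p in payloads)
        if ts_hits == len(payloads):
            verdict = "mpeg-ts-like"
        elif len(sizes) == 1:
            verdict = "fixed-size, unknown framing"
        else:
            verdict = "unclassified"  # needs a human with a packet capture
        report[src] = {
            "datagrams": len(payloads),
            "common_size": sizes.most_common(1)[0][0],
            "first_bytes": payloads[0][:4].hex(),
            "verdict": verdict,
        }
    return report

# Constructed sample input: documentation addresses, synthetic payloads.
TS_CELL = bytes([TS_SYNC]) + bytes(TS_LEN - 1)
SAMPLE = [
    ("192.0.2.10", 1234, TS_CELL * 7),
    ("192.0.2.10", 1234, TS_CELL * 7),
    ("198.51.100.7", 1234, b"\x00\x01ping"),
    ("198.51.100.7", 1234, b"\x00\x02status-report"),
    ("203.0.113.5", 53, b"\x12\x34\x01\x00"),
]

if __name__ == "__main__":
    for src, info in triage(SAMPLE).items():
        print(src, info)
```

Two sources on the same port get different verdicts here, which is the point Steve makes about proto/port being a broad cut.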